107423 matches found
CVE-2026-42329

creationtimestamp | type | source
---|---|---
2026-06-04 22:57:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnipvx2imz2h...

CVE-2026-5066

creationtimestamp | type | source
---|---|---
2026-06-04 22:42:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnip2hi5672f...

CVE-2026-48522
A flaw was found in PyJWT, a JSON Web Token implementation in Python. The PyJWKClient component, prior to version 2.13.0, directly passes its Uniform Resource Identifier (URI) argument to urllib.request.urlopen. This allows a remote attacker, by influencing the application's jku URL ingestion path,...
GHSA-GQ96-5PFX-F4VC Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation
Summary: The /api/action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...
CVE-2026-48040

creationtimestamp | type | source
---|---|---
2026-06-04 19:29:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mniecjvsyh2f...

CVE-2026-50292

creationtimestamp | type | source
---|---|---
2026-06-04 19:14:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnidhojmn72x
2026-06-11 12:18:10+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mnz7hachms2l
2026-06-11 12:18:11+00:00 | seen | ...

CVE-2026-7774

creationtimestamp | type | source
---|---|---
2026-06-04 16:25:15+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mnhzymng362i
2026-06-05 13:35:24+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mnkaxtlnnt2f...

Exploit for CVE-2026-8732
CVE-2026-8732 – WordPress WP Maps Pro Exploit Unauthenticat...
CVE-2026-43986
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...
PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation
A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitization of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code (Cross-Site Scripti...
CVE-2026-10809

creationtimestamp | type | source
---|---|---
2026-06-04 15:34:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhx5xhi3a2g...

CVE-2026-45739
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
CVE-2025-62338

creationtimestamp | type | source
---|---|---
2026-06-04 15:11:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhvupnvuy2p...

CVE-2026-40605

creationtimestamp | type | source
---|---|---
2026-06-04 15:02:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhvehyugn2b...

CVE-2026-10854

creationtimestamp | type | source
---|---|---
2026-06-04 14:57:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhv3u7pcq2x...

CVE-2019-25745

creationtimestamp | type | source
---|---|---
2026-06-04 14:49:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhunutpu526
2026-06-04 23:28:00+00:00 | seen | https://bsky.app/profile/pulse-wp.com/post/3mnirmljg7r2d
2026-06-04 23:30:30+00:00 | seen | ...

CVE-2026-10861

creationtimestamp | type | source
---|---|---
2026-06-04 14:46:29+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhuhzxasw2b...

CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...
EUVD-2026-34286
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...
Allocation of Resources Without Limits or Throttling
Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the fetch adapter when finite size limits are configured but not enforced. An attacker can exhaust server resource...